/
defender_pua.go
80 lines (76 loc) · 3.27 KB
/
defender_pua.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
// Hardentools
// Copyright (C) 2017-2022 Security Without Borders
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package main
// :: Enable Defender signatures for Potentially Unwanted Applications (PUA)
// HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
// PUAProtection DWORD 1 (= enable) (2 = Audit Mode)
// HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine
// MpEnablePus DWORD 1
//
// alternatively one can use (not used in hardentools):
// powershell.exe Set-MpPreference -PUAProtection enable
//
// test via : https://www.amtso.org/feature-settings-check-potentially-unwanted-applications/
//
// Further literature:
// https://docs.microsoft.com/de-de/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-worldwide
// https://www.deskmodder.de/blog/2018/08/20/pua-schutzfunktion-im-windows-defender-aktivieren-windows-10/
// https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsDefender::Root_PUAProtection&Language=de-de
// https://social.technet.microsoft.com/wiki/contents/articles/32909.windows-defender-how-to-activate-potentially-unwanted-applications-pua-protection.aspx
import (
"golang.org/x/sys/windows/registry"
)
// PUA contains the registry keys to be hardened.
var PUA = &MultiHardenInterfaces{
hardenInterfaces: []HardenInterface{
&RegistrySingleValueDWORD{
RootKey: registry.LOCAL_MACHINE,
Path: "SOFTWARE\\Policies\\Microsoft\\Windows Defender",
ValueName: "PUAProtection",
HardenedValue: 1,
shortName: "Defender PUA",
longName: "Defender PUA Protection",
hardenByDefault: true,
},
&RegistrySingleValueDWORD{
RootKey: registry.LOCAL_MACHINE,
Path: "SOFTWARE\\Policies\\Microsoft\\Windows Defender\\MpEngine",
// MpEnablePus DWORD 1",
ValueName: "MpEnablePus",
HardenedValue: 1,
shortName: "Defender PUA MpEnablePus",
longName: "Defender PUA MpEnablePus",
hardenByDefault: true,
},
&RegistrySingleValueDWORD{
RootKey: registry.LOCAL_MACHINE,
Path: "SOFTWARE\\Policies\\Microsoft\\Edge",
ValueName: "SmartScreenPuaEnabled",
HardenedValue: 1,
shortName: "Edge Browser PUA",
longName: "Edge Browser PUA",
hardenByDefault: true,
},
},
shortName: "PUA Protection",
longName: "Defender PUA Protection",
description: `Enables Potentially Unwanted Applications (PUA) in Windows
Defender and Microsoft Edge. This protects you from software
that can cause your machine to run slowly, display unexpected
ads, or at worst, install other software that might be
unexpected or unwanted.`,
hardenByDefault: true,
}